Cars hacked through wireless tire sensors

Researchers have shown that the tire pressure monitoring sensors found in new …

The tire pressure monitors built into modern cars have been shown to be insecure by researchers from Rutgers University and the University of South Carolina. The wireless sensors, compulsory in new automobiles in the US since 2008, can be used to track vehicles or feed bad data to the electronic control units (ECU), causing them to malfunction.

Earlier in the year, researchers from the University of Washington and University of California San Diego showed that the ECUs could be hacked, giving attackers the ability to be both annoying, by enabling wipers or honking the horn, and dangerous, by disabling the brakes or jamming the accelerator.

The new research shows that other systems in the vehicle are similarly insecure. The tire pressure monitors are notable because they're wireless, allowing attacks to be made from adjacent vehicles. The researchers used equipment costing $1,500, including radio sensors and special software, to eavesdrop on, and interfere with, two different tire pressure monitoring systems.

The pressure sensors contain unique IDs, so merely eavesdropping enabled the researchers to identify and track vehicles remotely. Beyond this, they could alter and forge the readings to cause warning lights on the dashboard to turn on, or even crash the ECU completely.

Unlike the work earlier this year, these attacks are more of a nuisance than any real danger; the tire sensors only send a message every 60-90 seconds, giving attackers little opportunity to compromise systems or cause any real damage. Nonetheless, both pieces of research demonstrate that these in-car computers have been designed with ineffective security measures.

The Rutgers and South Carolina research will be presented at the USENIX Security conference later this week.

I think we need to wait until someone gets hurt.Have there been live attacks (either nuisance or not) yet?If you are a superspy and your adversary might use this against you then... disable your TPM system. For the rest of us it's no problem until someone gets hurt.

Remember that saying "It's all fun and games 'til someone gets hurt"? No one has been hurt yet. No need to stop the fun&games.

As things evolve, people learn. Wired or Wireless internet connections was kinda the same way, as it evolved people learned the ins-and-outs of everything and over time became more proficient at hacking our internet connections, the web sites we visit, and getting into our computers. People said the same thing many years ago "Oh its harmless, no one will ever be able to cause any harm from it." - millions upon millions of dollars stolen via those "harmless" pranks later in criminal activity proved them wrong I guess. This will be the same eventually, a never ending hack/counter-hack development battle. Then, eventually, of course the knuckleheads that will say that causing a car to crash or something and seriously injuring someone or killing someone eventually was "making things safer by exposing weaknesses" publically.

How stupid can you get in believing that no one will ever find a way to exploit this 'concept' for something or other if it can be done. Heck, there are 12 year old kid gangs roaming the streets now beating up people with pipes just for the fun of it, you don't think the thought of actually taking control of, or disabling something or other, on a person vehicle going down the road at 60 MPH does not appeal to the idiots in this world?

Your wife is cute. Does she like BBC?==========================================================I personally really enjoy a Biscuit with Bacon & Cheese, but I suspect that's not what you meant. While I also dislike spam quite a bit (see my custom title), I think your response may have been a bit over the top.

Please report spam, either by clicking the report post link, or by emailing mods at arstechnica dot com.

Did this hack still require physical access to the OBD port to set up? If so, I'm still not terribly concerned - as with anything else, anyone who has physical access to anything has already completely compromised the security of the system. Someone with physical access to my car can already attach a tracking device to it (they don't even need to get at the OBD port for that, just inside the bumper).

Someone with physical access to the engine compartment of my car doesn't need to use the on-board computers to wreak havoc with my brakes, accelerator, steering, or really pretty much anything. Some tape, a radio, and a little servo would be enough to engage in remote control of acceleration on my dad's '69 Custom S, assuming access to the engine compartment.

Now, if this can all be done wirelessly - say, through the OnStar system - then it's a much larger concern.

I've seen that you've had a lot of bad press lately and a lot of recalls due to unintended acceleration. We're really sorry about that but for the small sum of $250,000,000 we can make this problem go away...

Sanitizing input while crucial and probably not always done, may not be enough. Vehicle networks need to include protections against impersonation attacks, even if those impersonations are coming from within their own network.

I'm curious about the "remote tracking" ability. While it would seem plausible to identify uniquely particular cars passing nearby, but not to locate a particular car on a larger scale like a GPS tracker. I don't see this a s problem. - License plates are *required* by law, specifically to enable such an ability, and no hack is needed. Plates can even be traced to the owner's identity. - As another poster mentioned, it would be trivial to attach a GPS tracker to a car where it would not likely be detected.

I think we need to wait until someone gets hurt.Have there been live attacks (either nuisance or not) yet?

If it has, I doubt we would know about it, unless it has been done on a large scale or if a "vehicular rootkit" is found. When the driver of a car involved in an accident blames the car, and nothing can be found, I'm pretty sure the conclusion is going to be driver error.

And unlike failures in the firmware itself, an externally-introduced exploit might have all traces wiped when DRAM loses power.

Sanitizing input while crucial and probably not always done, may not be enough. Vehicle networks need to include protections against impersonation attacks, even if those impersonations are coming from within their own network.

I'm curious about the "remote tracking" ability. While it would seem plausible to identify uniquely particular cars passing nearby, but not to locate a particular car on a larger scale like a GPS tracker. I don't see this a s problem. - License plates are *required* by law, specifically to enable such an ability, and no hack is needed. Plates can even be traced to the owner's identity. - As another poster mentioned, it would be trivial to attach a GPS tracker to a car where it would not likely be detected.

The ID strings/keys used by the sensors are large enough to uniquely identify a wheel. Even if made shorter, 4 keys together will get you reasonable certainty identifying a specific car, even if the plate was changed.

I don't think this would work well for tracking purposes though, as the signal is weak, and the sensors are off under a certain RPM, which is about 20MPH I think.

But you could easily sit near a busy intersection that just happens to be near a tire shop and trigger false tire pressure dash lights....

And my clients wonder why a professional geek prefers old vehicles with no (or little) computerization. It's often made me sound like a paranoid freak but this surprises me not at all.

Battlestar Galactica!!

I wonder if the range on these TPS "attacks" can be increased by using a more powerful transmitter/receiver. That would be seriously dangerous - imagine crashing the ECU while someone is going 60mph on the highway. Or making someone pull over because of a warning light, then carjacking them (or worse). Amazing how many things are becoming attack vectors with the proliferation of electronics.

Sarcasm aside, I don't like the feel of "drive by wire". Electronic gas pedals are particularly annoying. I can feel the difference, and it's worse.

For the gas pedal, I think it is intentionally worse to improve emissions or something like that. I'm glad I have the last model-year of my car with an actual throttle cable I'm all for improving efficiency but I'd rather have a smaller engine than a crappy throttle. I hear it's particularly annoying with a manual transmission.

I'm pretty sure tire pressure sensors were made mandatory after the Ford Explorer / Firestone (+ people not knowing how to drive) debacle, because one of the root causes was people driving on tires without enough air pressure. I thought that they were just using the (wired) ABS sensor on the hub to measure rotation speed -> tire diameter -> tire pressure, but I guess they've gone to these wireless sensors to directly measure the pressure now.

While I understand the motivations, I am also not a fan of these trends in automotive design.

Electronic throttle? Tire pressure wireless sensors? WTF is this s**t?! What I love about cars is that it is generally a mechanical wonder, operated WITHOUT computer assist. If I put pedal to the metal, I generally mean that, and it is purely up to me to decide if it is smart. On the other hand, there are enough idiots that actually shouldn't be allowed to drive by themselves, so maybe we just need two lines of cars.